ipsec: fix AES CBC IV generation (CVE-2022-46397)

For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.

Fixes: VPP-2037
Type: fix

Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>

tcp: fix bt acked_sacked on recovery

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e2d76661fbb07dd8c6afa3583bb18e01b7a7fb6
(cherry picked from commit 3e2ec42a07ae51aed54e63d05e743a338c666e30)

virtio: fix the tcp/udp checksum offloads

Some vhost-backend calculates the wrong checksum in
case of tcp/udp offload when driver resets tcp/udp
checksum field to '0'.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I3c45df487f00d7e3d949b4efb32d7f7e01d1108b

misc: 19.08.3 Release Notes

Change-Id: I809f417fabea96df506886ae6576b6e8c1b72caf
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

ipsec: fix esp padding

Type: fix
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
Change-Id: Ic8db52b41d7e5af3425099f008984e50afb3da74

ikev2: use remote proposals when installing tunnel

Type: fix

Change-Id: Ia1556aa854fa83fb5340308c4eec868b7b4f8351
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

ikev2: announce both 'ESN' and 'No ESN'

Type: fix

Change-Id: If73b88b9478b9314df6d9163c3a13724d4253c80
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit fbd47cf83546613ce16f8fc10105609cf51cbfc2)

ikev2: fix wrong index computation

Type: fix

Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit c17d6cfaf4fc66927f28af9d8d7cb8ce2a1d839c)

ikev2: fix incorrect reply messages

Type: fix

Change-Id: Idd679885f42de45429a1dcbf3b0af1037dc54d2b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit fe7b8c2b4aeadaa5cf3f55b0fcc04600c91df427)

http_static: fix session cleanup

While cherry-picking: Fix extras/scripts/check_commit_msg so it accepts '_' characters in
feature names.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibb380eecca76ed9c00ed14c167dfcf576f943db0
(cherry picked from commit 0f4e3c22ed5951e0a68e6b40fda1ac63ab5e3c3e)
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

dns: fix coverity warnings

Type: fix
Ticket: VPP-1837

Partial cherry-pick from a357a938019c8df2b061cc5bd14cd8a64fac694f

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a

memif: wrong interface counter is incremented

vlib_increment_combined_counter takes sw_if_index, not hw_if_index.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iecde2697ed490940f0eff796d28d15381405b895
(cherry picked from commit 35050289e6b5f6e2939b1d08ed058ab952468943)

vppinfra: fix clib_count_equal_u8/16/32/64 overflow

Type: fix

Change-Id: Id5ca868cd7a2abc9320206f0336aa3348f5906e3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 2a0bd4a7d1745bee38ac80bcc4c8bc6e5af2a7cc)

ip: fix punt cli to only consumes a line of input

Type: fix

Change-Id: Idb6f82e08b29e3805ed2133acb5fd7226148f672
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 9ae3c6a40f268741b87f94a5b75f1b5d1d2128e3)

hsa: fix http server session cleanup

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6832e3f24a56e043415a32eb4072d0bfb7697251
(cherry picked from commit 7d941d45bc649f760c650dab3e715585a61d9cf9)

lisp: fix cli locator-set name null termination

Type: fix

Change-Id: I5f550bd6a03f47b829ef99803cb6b9ac86329450
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 39771adc1da61943978c18b58b35dedc9dddc4b0)

lisp: fix lisp/one enable/disable

Type: fix

Change-Id: Iefe6b3a1a0a999d89ef9812fc14d31159043e60c
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 508dc51bd075f6bb16862265c0c43e8efb76349c)

lacp: fix vector overflow

Type: fix

Change-Id: I8f776ce10ee8c29689db5ceef70df42dfb6b747c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c72995dd79500dd5791e71fd3edeae527c257351)

interface: fix show/clear hardware-interfaces string overflow

Type: fix

Change-Id: Iab99bc1f6c309fae6eaa714b484274fe7072a4cb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 17814d74dbbc85573adbf970644caa4b1ac9bbb4)

pci: fix non NULL-terminated vector used as C string overflow

Type: fix

Change-Id: Iab512ba8c72c9e20aeba2d4265276bcabf095d46
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit e3a24300d08f04146935ec0d3b02e03276d6cc68)

session: cleanup lookup table for rejected session

Type: fix

Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id20f693a5acdee74ab534e9964418973537b977f
(cherry picked from commit c7fd24e30bb5ac68f3c82eafee9dc192289add7f)

feature: fix feature config data initialization overflow

Copy only exactly the data provided by the user even when it is not a
4-bytes multiple.

Type: fix

Change-Id: I2ef987c37e58523a38b46b09227529db2c26aa55
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c79a14f13a0db6f59123e0e6b0b71d4f24433b01)

pppoe: fix uninitialized memory bug

In pppoe_cp_node.c, node->errors[error0] was accessed without
node->errors being initialized.

Found with AFL + ASAN.

Type: fix
Signed-off-by: TimotheeChauvin <timchauv@cisco.com>
Change-Id: Ide8a60021b2d47b5e2fce7062d8f12c7f4d225f7
(cherry picked from commit 2887159a1a5f5c501c2df59bf88e6faa38e9699f)

vppinfra: fix format_c_identifier vector overflow

In case of vector, we must check length before trying to access element.
Also fix wrong DPDK plugin workaround.

Type: fix

Change-Id: I2ecef1c88ebef2362f48cab0d462699aa43cd4b9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 1bd6f61820c6c15534ebb04a4b070ba84bf08a9d)

vppinfra: enable STATIC_ASSERT with clang

For some reason clang does not support &((struct foo*)0)->field in
static assertion contrary to gcc.
Use offsetof() macro implementation provided by both compilers instead.

Type: fix

Change-Id: I3311cdd29c5861e45dc0ef92f2bbd66242ca73b8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 5e60c17f49082b7731778e81b58177177a31b58f)

ip: fix format_ip6_address_and_mask() bug

Previously there's a format_ip4_address in format_ip6...
This patch fixes this typo

Type: fix

Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ice124db6594720ed35a992d069341f399c331e1d
(cherry picked from commit e30f9c5c6342a0f2430848ec4166b75596642964)

ip: set ip4 mask for ip_copy and ip_set when dealing with ip4 type

Type: fix

Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I3ace7dfe3ddacb4f7fa7a974a2ffe2b3cf902ff9
(cherry picked from commit 9268b5823fa7a16195f638e5b1f9c54b430f2f3c)

ip: fix the order in ip4 punt redirect

Type: fix
Fixes: a84cb715f5a4366dd2f32de18ad92bec566924da

Change-Id: Id448d6ae9cfdd3122e8187121c509412835117c5
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit c6eae9c079defa4812270945d614c4598db262d8)

classify: fix debug CLI

unformat_ip6_mask wasn't accounting for customized field names
when deciding if it managed to parse at least one field.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I26cab4c6828b510e277079628af5115ac43af3ff
(cherry picked from commit 126c88544103d3775252f741398111875f6a62d7)

tcp: avoid rcv wnd more than RX fifo can enqueue

Type: fix

Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie358b731f8ecb1fcaebd6e79f5ce5c10802c2814
(cherry picked from commit cc1085647b2ae36e6c086d65b4e81b9f1cf9fc9a)

udp: align udp_encap_t_ to 2 cachelines

Based on the comments in the struct, udp_encap_t_ is meant to span 2
cachelines. Due to the 64 bit alignment of dpo_id_t, the struct spanned
3 cachelines. This caused fetching ue_ip_proto to trigger an additional
cache miss. This patch rearranges the ordering of the struct fields
so that udp_encap_t_ only spans 2 cachelines as intended.

before:
(gdb) print (int)&((struct udp_encap_t_*)0)->cacheline1
$8 = 128

after:
(gdb) print (int)&((struct udp_encap_t_*)0)->cacheline1
$1 = 64

Type: fix
Signed-off-by: Vadym Martsynovskyy <vmartsyn@fb.com>
Change-Id: I066c08654d4a8ef3e2d3954e957d4c5d382b209f
(cherry picked from commit 42386fc974148f812ef3eb73ff09a603caa23565)

ip: fix the punt redirect for ip4

Type: fix

Change-Id: I39341f201209931392f315ead5adfddd8b567caf
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit a84cb715f5a4366dd2f32de18ad92bec566924da)

nat: avoid division by zero

Return error instead of dividing by zero.

Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9f6a942e87ab87e8f1921e744ec1add45884e74a
(cherry picked from commit fe77bdc1906cca6a76bd44b1aceffc971f64cec4)

nat: deterministic: disallow invalid config

Prevent overflow if input network prefix is too small and crash on
packet #1 due to vector not being allocated/initialized.

Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8
(cherry picked from commit f3d7bd9d4d652b1c4b687267acdb9fdb908a74bd)

vppinfra: fix u32x4_gather definition

Type: fix
Change-Id: I3df8d3f277bfadee95bfc329e8ce8b929a986af6
Signed-off-by: Damjan Marion <damarion@cisco.com>
(cherry picked from commit 97b9e008b9e072120ea8b0d98e81e898c3adbd4d)

misc: fix sonarclound warnings

Type: fix
Ticket: VPP-1888
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9c2fb926a5e010658088a74051c8c3462ff61734
(cherry picked from commit 1af730d0dfbb91475c6808ed579494d3d223b724)

api: check id is valid for bounce checking

If the id is invalid we cannot check whether we must free the message or
not, free it anyway.

Type: fix

Change-Id: Ie4426f601390d1e5e14c739f670e8c1e6e3aaf1e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit ff13e46215ab96df988310b4a20eddefad92de99)

buffers: fix non-default sized buffers initialization

Type: fix

Change-Id: I4a93e1d9936414c514cb237a22624986b3ef5b3d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c16fe4689055242c64c71d83e41908a8fb6c2726)

vlib: node recyling and node deletion missing triggering graph node sync

When recycling a graph node vnet_register_interface, it is missing an
explicit call to vlib_worker_thread_node_runtime_update(). However,
there is an implicit call to vlib_worker_thread_node_runtime_update()
via vnet_sw_interface_set_flags_helper() if it enables a new feature on
the interface for the first time. But that implicit call is not
guaranteed. For example, if an interface is created, deleted, and
created, then it may skip the implicit call to
vlib_worker_thread_node_runtime_update(). When that happens, the graph
nodes on thread 0 are not sync'ed to the worker threads. So the worker
thread's graph nodes are out of sync momentarily with the main thread's
graph nodes until some other event happens which calls for a sync is
needed. During this window, the worker thread's graph node is
vulnerable and may experience a crash.

When deleting a graph node, we never trigger a sync to the worker
thread. A patch was committed 3 years ago via
https://gerrit.fd.io/r/c/vpp/+/7523 to fix a show run crash. In
hindsight, the approach taken by 7523 is not orthogonal. While at it,
let's fix it right for both issues with a call to
vlib_worker_thread_node_runtime_update() in the appropriate place and
remove 7523.

Type: fix
Ticket: VPPSUPP-86
Fixes: gerrit 7523 / 19e9d954bd9eb4f04d48640d6540198e84ef65d7

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic9472bd2d3a212dbfeceb526506ed0400983a142
(cherry picked from commit 1eae8ecb7acc7d80d5c08e300295bec94bf78f0b)

mactime: print error if feature not enabled

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I8fbc4baefecf512573126c5085ed7a6e2e360fbe
(cherry picked from commit c1f0d9c105c25c67d9ef86a53c10d43d40b61fe0)

fib: fix multiple dpo pool expand cases

Add dpo_pool_barrier_sync/release, use them to clean up
thread-unsafe pool expansion cases.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I09299124a25f8d541e3bb4b75375568990e9b911
(cherry picked from commit 26d890eb4b1ab19fea4d2d02bfc6dc89d2c1b771)

fib: fix adj pool expand cases

adj_alloc (...) is not thread safe when the adj pool or combined
counter vectors expand.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I55710de6ecc083b7434e11798659cca9250c9131
(cherry picked from commit c2d2228e928b7c69dc88e9c3b7502966d0e32d8d)

fib: add barrier sync, pool/vector expand cases

load_balance_alloc_i(...) is not thread safe when the
load_balance_pool or combined counter vectors expand.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7f295ed77350d1df0434d5ff461eedafe79131de
(cherry picked from commit 8341f76fd1cd4351961cd8161cfed2814fc55103)

nat: fix coverity warning

Type: fix

Change-Id: I0e87021b11009a955f5839bdb68af897145816c1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit c39c79c5aa7b5410f3aad4a770a741ab04f7dcc5)

misc: ipfix-export unformat u16 collector_port fix

Use %U and unformat_udp_port instead of %u for unformat() call for
u16 collector_port number in set_ipfix_exporter_command_fn() to
avoid corruption of other variables which can happen if unformat()
with %u is used with a 16-bit variable. This avoids crash due to
corrupted fib_index value.

Type: fix

Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: Id54273fcc458a7f9c5aa4025aa91711f160c1c1a
(cherry picked from commit 2dca180db989ea7afacdf4e70cc85e4408557382)

tap: fix rx queue index

Type: fix

Change-Id: I5601bdeb47d08118476ff7bd29435d2c1dba34b9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit 04f4d91c9fe6c8d639e28edb5dd3df2c82f92428)

dhcp: use per-thread vlib main instead of global one

Type: fix

Change-Id: I8890aa5cc3c576fc9fb68735549dfab721714310
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit dcd4aa2110e274f9185e1e5b47ec22d66cc23136)

nat: fix regarding vm arg for vlib_time_now call

Change in snat_ipfix_header_create() to use thread-specific
vlib_main_t *vm pointer to avoid problems with different threads
accessing the same vlib_main_t data structure. This avoids
assertion failure when vlib_time_now() is called with a vm
corresponding to a different thread.

Type: fix

Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7
(cherry picked from commit 5556813fb63d28240a17ccf18f947e60c4cbb263)

fib: Fix interpose source reactivate

Type: fix

when the interpose is on an adj-fib and the cover is removed the adj
source will not install. this lead to no path list being found for the
interpose source and a crash. pick a drop path list in this case.

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ied217da043926c913657080f5ffb151201225d23
(cherry picked from commit 1bf6df4ff9c83bac1fc329a4b5c4d7061f13720a)

dpdk: fix pktmbuf pool private data init

Type: fix

Change-Id: I7349840af48eec209532dab43a8ad0bd68993268
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit c32a84c70efb45081568fc8aa5fa1884d74865fe)

l2: L2/L3 mode swicth cleanup and l2-patch fix

Cleanup L2/L3 mode switch to not redirect to/from ethernet-input node
as it is no longer necessary.
L2 patch should use sw_if_index for device feature enable/disable.

Type: fix

Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I0f24161d027b07c188fd1e05276146f94c075710
(cherry picked from commit f415a3b53a51b261d08cc3312c25f250d6bc1bd6)

misc: fix typo in set-ipfix-exporter CLI short_help

Type: fix
Change-Id: Id6687780b9a740323bd2eef58447864e70dc0235
Signed-off-by: Ignas Bacius <ignas@noia.network>
(cherry picked from commit f3a522fb3f3a82e579fbdd3f4bb94e399ad95bb1)

vlib: restore commands for non-interactive sessions

'quit' and 'show terminal' are valid for non-interactive sessions too.

Type: fix
Fixes: a58be82dda89d6496f92e451b42eee31f0cf47b4

Change-Id: Ib63244c7b64ad2e30c257ed19e982295f59bfffa
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 10a22a629468b18f5b07316980e2761285283939)

g2: fix the g2 build for Ubuntu 20.04

Shut off deprecated declaration warnings

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I65ea4bbc4d5ee5a11d4e8f554f414f57944c7e1c
(cherry picked from commit 18a86c6e6069cbc9a0d2294ebb7f7cca5f616f84)

vcl svm: fix rx event loss

When vcl_epoll_wait_handle_mq handles rx events exceeding maxevents, VPP will not signal because cursize > 0, and the remaining rx events cannot be triggered because the eventfd event has been read. Therefore, we should dequeue all events until cursize = 0. And then handle msg up to maxevents with vcl_epoll_wait_handle_mq_event and those beyond with vcl_handle_mq_event.

Type: fix
Signed-off-by: hanlin <hanlin_wang@163.com>
Change-Id: I8a0c87cb41c837deb8284b40f668cc3c7d9d6e56
Signed-off-by: hanlin <hanlin_wang@163.com>
(cherry picked from commit d0e646f6892e9c85278c9538760a8940c86dcdbb)

vlib: fix unix cli commands crash without session

If a cli command is run while there are no cli session, then
cm->cli_file_pool will not be initialized and we should not try to
operate on it.

Type: fix

Change-Id: Iaea15a23f7efd5b17fab13e6c1cbb3a9a34080e0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a58be82dda89d6496f92e451b42eee31f0cf47b4)

dpdk: fix crash with chelsio pmd

cxgbe PMD initializes its control channel as part of dev_configure(),
and trying to get link status prior to it will lead to a crash.

DPDK documentation loosely hints that we should not call any device
function before dev_start(), call link_state() only for the relevant
PMDs.

From DPDK API documentation:
The functions exported by the application Ethernet API to setup a device
designated by its port identifier must be invoked in the following
order:
    rte_eth_dev_configure()
    rte_eth_tx_queue_setup()
    rte_eth_rx_queue_setup()
    rte_eth_dev_start()
Then, the network application can invoke, in any order, the functions
exported by the Ethernet API to get the MAC address of a given device,
to get the speed and the status of a device physical link, to
receive/transmit [burst of] packets, and so on.

Type: fix

Change-Id: I12d2ab4d84e6bd72a9f695447e86f3222929c804
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 31eb471d0cb0105ab74ee637028f4ab3cc00cf2a)

sr: fix srv6/srv6-ad/srv6-as promisc mode switch

Calling ethernet_set_flags() to switch interface to/from promiscuous
mode must use use hw_if_index instead of sw_if_index.

Type: fix

Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I72da286b913893227e32193ee11fbbc56e04804d
(cherry picked from commit 5b960c60f61c937d0f862be8a7573922b616de75)

misc: remove useless assignment

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7708587804bc979fa9c46fb11f96d264821e2357
(cherry picked from commit 9a099b6e503659473cbdb8585f823c3c3d83f34e)

vcl: de-init vcl on destroy

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If3372e3edd403240c2c9da746246170549a3e644
(cherry picked from commit 69d97256d5ca5b06b4399d8369a7a4c3b544a94d)

tcp: avoid rcv wnd less than mss

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I84ec1c91a3a7b2195aad58923fa6f17f551444cb
(cherry picked from commit f2fe353cc829f2074d63ebba9bb3b25e5ceb20af)

lacp: missing endian conversions for trace packet format

Fix a couple endian conversions for displaying Marker Protocol packet
in the trace

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I746a67fb6143b5ad52bc4af9604ff8760dbdec9b
(cherry picked from commit 9a244b0a29b3ed517fc3442c9358d79907f67a24)

vlib: fix u64 error counter cli printing

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie35dc623394cfb6c358740361fd85aa0924ab187
(cherry picked from commit 1ae16c8f3bebe33b2404ad845a2f09f910a06390)

vppinfra: set explicit found in search_free_list loop

While https://gerrit.fd.io/r/c/vpp/+/26948 fixed avoid using -1 to
index into h->free_lists[b][l] by changing the loop counter, the
check for the value of the loop counter (l < 0) cannot be trusted
to decide whether we've found a large enough object within the bin
or not. When the loop is terminated, the value of the variable l
could be ambiguous if it equals to 0 and it is never less than 0,
ie, when we bail out of the loop, we don't know if it was due to the
breaking out of the condition in
  if ((s = f_size - size) >= 0)
     break;
or
  while (l > 0);

The fix is to explicitly set a variable when we have found a large enough
object inside the loop to be used to test whether the loop was prematurely
terminated (found == 1) or the loop just ran exhausted (found == 0)

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0161813fbd44dcba8982a767eac2e0930e9d77e3
(cherry picked from commit a5436ae2516edc955f26c6aa4103f5946ee8653c)

ethernet: fix coverity warning

Type: fix
Ticket: VPP-1837

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I20daa023eed50f8b42e8dc2d17e47a54aa16ae31
(cherry picked from commit 13f64ce2272539d97b8c499e8e298a053fb3c9e2)

dpdk: fix compiling issue with clang

When building vpp image with below command, clang reports warnings/errors
on the unused option '-L', as it's not linking stage, and does not require
linking libraries.

In dpdk.mk, the linking library path should be attached to
DPDK_EXTRA_LDFLAGS, instead of DPDK_EXTRA_CFLAGS

$ make build-release CC=clang V=1

clang -Wp,-MD,./.ark_ddm.o.d.tmp  -fPIE -fPIC -pthread -I/root/origin/build-root/build-vpp-native/external/dpdk-20.02/lib/librte_eal/linux/eal/include  -march=armv8-a+crc -DRTE_MACHINE_CPUFLAG_NEON -DRTE_MACHINE_CPUFLAG_CRC32  -I/root/origin/build-root/build-vpp-native/external/dpdk-20.02/arm64-armv8a-linuxapp-clang/include -DRTE_USE_FUNCTION_VERSIONING -include /root/origin/build-root/build-vpp-native/external/dpdk-20.02/arm64-armv8a-linuxapp-clang/include/rte_config.h
-D_GNU_SOURCE -O3 -I./ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wold-style-definition -Wpointer-arith -Wnested-externs -Wcast-qual -Wformat-nonliteral -Wformat-security -Wundef -Wwrite-strings -Wdeprecated -Wno-missing-field-initializers -Wno-address-of-packed-member -Werror   -g -mtune=generic -L/root/origin/build-root/install-vpp-native/external/lib -I/root/origin/build-root/install-vpp-native/external/include -o ark_ddm.o -c
/root/origin/build-root/build-vpp-native/external/dpdk-20.02/drivers/net/ark/ark_ddm.c
== Build drivers/vdpa/ifc
clang: warning: argument unused during compilation: '-L/root/origin/build-root/install-vpp-native/external/lib' [-Wunused-command-line-argument]
clang: error: argument unused during compilation: '-L/root/origin/build-root/install-vpp-native/external/lib' [-Werror,-Wunused-command-line-argument]

Type: fix

Change-Id: If8fd9b19d0aff9d3c27d77e78cd3064bb1ad6565
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com>
Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
(cherry picked from commit 88d6ce2bee53b7c9f876aa78c5db8ab1ea75c08a)

vppinfra: loop counter off by 1 in search_free_list()

In search_free_list(), we have this do while loop.
do
  {
    l--;
    f_index = h->free_lists[b][l];
    f = elt_at (h, f_index);
    f_size = heap_elt_size (v, f);
    if ((s = f_size - size) >= 0)
      break;
  }
while (l >= 0);

When (l == 0), we still go back up to execute l--. Then l become -1. The
next statement is we index h->free_lists[b][-1]. After that, elt_at() would
probably cause a crash in the ASSERT.

Type: fix
Ticket: VPPSUPP-63

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I617d122aa221cfdfe38f8be50f4e0f0e76e11bb5
(cherry picked from commit ec7012e51edef4aec2239cb5b3a249f46d9b2cb0)

misc: fix coverity warnings

Type: fix
Ticket: VPP-1837

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I51660e4b02f449bd2db12a8cfd395c6c343d2dee
(cherry picked from commit c72950e811880c22e5b350c4b1cb5e31b0735b4d)

rdma: fix clang build

Type: fix

Change-Id: I9b613f0af484f601dd20a851e2f59ee5e06b5c37
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 971c5be27996985e40f178c8d540a5807a428283)

vcl: allow vcl worker index to be set by applications

When using vppcom_session* apis to setup TCP sessions in applications build outside of the VPP repository, it is necessary to set the worker_index explicitly when these apis are called from the none-VCL worker threads. An example is when data is to be sent to the TCP session that is originated from a different thread, like the main program thread or from the bin api thread. This change allows the application to set it.

Type: fix

Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Change-Id: I37f3654a49ea9a8cf3a0d3d0e672583018c12299
(cherry picked from commit 6017ff0dd7a27c062d0ad4687bfc70a69747ac55)

api: fix include_guard when path contains a plus

The path to VPP source might contain a '+' when building it
with Yocto/OpenEmbedded.

Type: fix

Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Change-Id: I205ac0de7d8726724af0e30f5b199391e05dc615
(cherry picked from commit 7f286f720d6fe2115423212dda6af66dd810691d)

misc: add Matt Smith to the committer list

In hopes of restoring his +2 button...

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2600daab5afa4334713695d1074706fbb287832f
(cherry picked from commit e891ac2f198e7c00dceb2f2c6510f9bdf1cb91d1)

vcl: disconnect both flavors of bapi transport on destroy

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6697296b45c5816a31535b0cf44b8e726292b8bb
(cherry picked from commit dc0ded7dd7a6b8ee68df25cd56666de804e55e64)

vcl: add separate fcntl64 ldp handler

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb81e2901398dd6ae94931c705a704c7b52bbb36
(cherry picked from commit d7586d50f68655631482f33a83a1fe6f4f21ff64)

vlib: use flexible array in vlib_buffer for GCC-10

GCC-10 increase overflows-related warnings but gets confused by 0-length
arrays. Use C99 flexible length array instead.

Type: fix

Change-Id: Ie62cfa8faaa408479a598785fd3f06ffd0233c7a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 049d0b438ef2971181549f195c7e0338cd1c60f4)

stats: add apis to delete simple/combined counters

vlib_free_simple_counter()
vlib_free_combined_counter()

Frees the name and two dimensional vector from the stats segment.

Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If1becf7d09520ba41a3d59e2df94958ecfcf6948
(cherry picked from commit a568a19b2956ed8b94b11c2ef041412473dc8442)

ioam: do not reuse existing vnet symbol

vxlan_gpe_init() is already defined in libvnet. When loading ioam plugin
we end up having 2 different objects using the same symbol.
ASan in GCC-10 started to enforce the One-Definition-Rule and it seems
like good hygiene anyway.

Type: fix

Change-Id: I2ea9af1821bca6482a290742e9a109fc25692f37
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 83ceffcd980494c6146ca67a0fa709b2c37ef13e)

vppinfra: harmonize function names

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Icce7eab4510785e15bdcf97e4d1881b0f46f6899
(cherry picked from commit d4a639bbd2257a88fa3f06939a23c13af1d56dd3)

vppinfra: selectively disable false-positive GCC-10 warnings

GCC-10 increase overflows-related warnings but is confused by SIMD
operations.

Type: fix

Change-Id: Iafde754c2fbec60e2d0a328f295b1f5c156d8234
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a66971f980187efd03a84d340b80a7d3cf39deac)

ip: reassembly: fix one possible use-after-free

When use the kv->v.memory_owner_thread_index as the index to get the
reass in pool, maybe this element is freed by the owner thread because
of timeout, too many fragments, and so on.

So we should check if do_handoff with kv->v.memory_owner_thread_index
before get the reass from pool.

Type: fix

Signed-off-by: Gao Feng <davidfgao@tencent.com>
Change-Id: Ie0f1dc368f86d0fd65292ca0c5e1908348015e09
(cherry picked from commit 9165e0365cc21575fd3e4a98be59317a839553f4)

vppinfra: selectively disable false-positive GCC-10 warnings

GCC-10 increase overflows-related warnings but failed to infer that
b->n_cached_bytes is always < sizeof(uword).

Type: fix

Change-Id: I956ae609abc9e39d4a932e5801510999d7d27b79
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit ffbcf6178891bd68a97543ac91d28f37256d5e13)

build: add vppinfra/warnings.h to exported headers list

To allow the use of WARN_ON/OFF macros to selectively disable build
warnings.

Type: fix

Change-Id: Iceb9d28b2b80c373afb51900880c23041be836db
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit be7dbbbfdd49fcfff851f38d1d36d08fc9710604)

devices: allow link state down with netlink

Type: fix

Use the up parameter in vnet_netlink_set_link_state(). It was
ignoring the parameter and always setting IFF_UP on an interface.

Change-Id: I0d44406d982afbdc43bc6b26d0f22c0bdd47abdc
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 81284163a293759bc5c2d6a124639c6796589d15)

vcl: generate select events on read/write errors

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3429f9d0406b6d710846fc82d77400f26f77fdf4
(cherry picked from commit 5e6222a0332e38316b5a58b23c35cca69bb72025)

vppinfra: finish deprecating qsort.c

Minor change to vec_sort_with_function(...): don't depend on the qsort
implementation to deal with null, zero-long, or 1-long vectors

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7bd7b0421673d2a025363089562aa7c6266fba66
(cherry picked from commit f593b5792031b3797cdcdfd3fbb33ac4de8c9a5d)

nat: fix extended unit tests

Type: fix
Fixes: b86437b79b82493c2e9728929df417f55b153824

Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2c833928dcdceb4d23dfc161bcc3358272076980
(cherry picked from commit e7f420177620868275add23ba5fcea7c7d18c91a)

vapi: packed enum type generation

Type: fix

if the ,api/.json specifies that a enum should be u8/u16 that the
generated c enum needs to be packed.

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ia0497b45e4c510a5c63cd02e966769bf20686838
(cherry picked from commit b5c0d35f9445d4d99f2c5c7bd3175e68721a8ee5)

misc: update INFO.yaml

Add Benoit Ganne to the committer list, remove committers who have
resigned, list committers in alphabetical order.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ic51092df774464e228cd875acf118827e9cd1923
(cherry picked from commit 0e2751cc1d246145cee6b1e4a588c30270c7ce21)

session: fix session_table_get_or_alloc

Extending the fib_index_to_table_index could leave entries uninitialized,
pointing to the session tables at index 0. That session index exists by
default, but it is a IPv4 session table. That would break all IPv6 on
the unitilized fib indexes.

Type: fix

Change-Id: Ie3f0a87a7f829ceb39f75ec06658b0ad1d3813ae
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
(cherry picked from commit 30a28c187b0eb9216d5d7918712d98a4b7a5ba6a)

tcp: avoid bt sample access after possible pool realloc

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I98f943c8862fa74fb576f9ec1fb9186289b1216b
(cherry picked from commit c17ff6ec3b69ef228047bf346e0b524c48d2c96e)

vcl: fix use-after-free

Make sure we disconnect from vlib prior to free-ing the last worker, as
we'll need to access it.

Type: fix

Change-Id: Id5bdd17f0f5efa1ce52021b4270eb4f1e95cc61d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 38ab5672b599df8ef201ca6733c9b008c37fdfa3)

tcp: fix use-after-free

bts can be freed by the call to bt_fix_overlapped(). Save flags for
later use.

Type: fix

Change-Id: If8b48c96ce39e38f2ed7f4db2815122523eb2e05
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a04adbf5368f9ec907508ff36d42fbd72d287120)

vat: fix increment_address(...)

vl_api_address_t uses a packed enum for the address family, compare
a->af directly with ADDRESS_IP4 / ADDRESS_IP6 instead of running a->af
through clib_host_to_net_u32(...) before compare.

Indirectly fixes api_ip_route_add_del(...) w/ count > 1.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib7f562ec9e92ee63e52a338d318fcf1ce6221755
(cherry picked from commit 54582663ab7d7105bc2407036a311d68707e5ab9)

vlib: queue_hi_thresh fix to avoid deadlock

Adapt queue_hi_thresh value using num_threads to avoid risk of deadlock
between threads which could happen for example when different NAT
threads try to handoff work to each other at the same time when their
frame queues are congested. This change ensures that each thread can
reserve a queue entry without causing problems even in the most extreme
case when all threads attempt to add to the same queue simultaneously
when the queue is nearly full.

Type: fix

Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I9e02f753bd00833d8dd500d181b0d4f9a454d703
(cherry picked from commit 368104d06ad6d667a8cce152426916fc654b6627)

sr: fix non-NULL terminated string overflow

Type: fix

Change-Id: Ia5ae0e893a5358f61353d20f444d88d79953e482
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit b9753540d2a69bbab807653fc3d0c1b43ec4d6d5)

session: fix use-after-free in input node

Type: fix

Change-Id: Ie60b07abe76ad166f048f5885accd7038d8153b2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 7ce23f25bbc01d534ca294ce88ab0d709e3e03a7)

session: avoid rx notifications on accepting sessions

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iba37e528e968104c3ba9c8324438ba695ddddfd1
(cherry picked from commit da302e4fce1003a2fdd2ace7e1ae09987399092c)

vcl: ensure sessions are open on select events

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4d56b61af574dfdaf6028160ce331606bdf65609
(cherry picked from commit f49cf470c583507fa1b5b841887107071701ef5e)

vcl: expand vcl select maps in ldp if needed

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I56c487821233cebf2146745a4706cb573cc088a5
(cherry picked from commit cbce80aaa3f1853856d4d64c95f10d65caa4d786)

gbp: fix l3-out anonymous test cleanup

Type: fix

Change-Id: Ib455b0a57f9b4f9cb82bb295c220270d0c6e5fe5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 040d47c2cce87255a101f301239192c5599b0db5)